WithSecureLabs / chainsaw

Rapidly Search and Hunt through Windows Forensic Artefacts
GNU General Public License v3.0

v2.9.1 mac x86_64 binary is actually an ARM64, not x86 #172

Closed rsulliva closed 2 months ago

rsulliva commented 2 months ago

Hi there,

I would like to parse some evtx files on my x86 Mac... thought I'd try chainsaw.

While the Apple binary is labelled x86, it seems to be ARM64?

rob

norris3:chainsaw rob$ ls -rlt
total 53592
drwxr-xr-x@ 16 rob  staff       512 Jun 21 07:09 rules
drwxr-xr-x@  4 rob  staff       128 Jun 21 07:09 mappings
-rw-r--r--@  1 rob  staff     50365 Jun 21 07:09 README.md
-rw-r--r--@  1 rob  staff     35142 Jun 21 07:09 LICENCE
drwxr-xr-x@ 26 rob  staff       832 Jun 21 07:09 sigma
-rw-r--r--@  1 rob  staff  10155016 Jun 21 07:09 chainsaw_x86_64-unknown-linux-gnu
-rw-r--r--@  1 rob  staff   9176064 Jun 21 07:09 chainsaw_x86_64-pc-windows-msvc.exe
-rw-r--r--@  1 rob  staff   8010024 Jun 21 07:09 chainsaw_x86_64-apple-darwin

norris3:chainsaw rob$ chmod u+x chainsaw_x86_64-apple-darwin 

norris3:chainsaw rob$ file chainsaw_x86_64-apple-darwin 
chainsaw_x86_64-apple-darwin: Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE|HAS_TLV_DESCRIPTORS>

norris3:chainsaw rob$ ./chainsaw_x86_64-apple-darwin 
-bash: ./chainsaw_x86_64-apple-darwin: Bad CPU type in executable

norris3:chainsaw rob$ ls -l ../chain*.zip
-rw-r--r--@ 1 rob  staff  31474552 Jun 21 07:09 ../chainsaw_all_platforms+rules.zip

norris3:chainsaw rob$ sysctl -n machdep.cpu.brand_string
Intel(R) Core(TM) i7-7567U CPU @ 3.50GHz
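The `file` check above catches the mislabelled artefact by hand. The script below, added here as an example and not part of chainsaw or of this issue, does the same check unattended: it reads the first bytes of each release binary, decodes the Mach-O or ELF header to find the CPU type, and compares that with the target triple in the filename, so a downloaded `chainsaw_x86_64-apple-darwin` that is really arm64 fails before anyone tries to run it. It assumes the release naming scheme `chainsaw_<target-triple>[.exe]` seen in the listing; the sample files it builds are constructed 20-byte headers, not real chainsaw binaries.

```shell
#!/bin/sh
# Added example (not part of chainsaw or this issue): check that a release
# binary's executable header agrees with the target triple in its filename.
# Reads raw header bytes with od(1), so it needs neither file(1) nor lipo(1).
# Assumed naming scheme: chainsaw_<target-triple>[.exe], as in the release zip.

# Print the architecture encoded in the file's executable header.
detect_arch() {
    hex=$(od -An -v -tx1 -N 20 "$1" | tr -d ' \n')
    case "$(printf '%s' "$hex" | cut -c1-8)" in
        cffaedfe)   # 64-bit Mach-O, little-endian: cputype is bytes 4..7
            case "$(printf '%s' "$hex" | cut -c9-16)" in
                07000001) echo macho-x86_64 ;;   # CPU_TYPE_X86_64
                0c000001) echo macho-arm64 ;;    # CPU_TYPE_ARM64
                *)        echo macho-unknown ;;
            esac ;;
        cafebabe)   # fat/universal Mach-O: several slices, inspect with lipo
            echo macho-fat ;;
        7f454c46)   # ELF: e_machine is bytes 18..19 (little-endian assumed)
            case "$(printf '%s' "$hex" | cut -c37-40)" in
                3e00) echo elf-x86_64 ;;         # EM_X86_64
                b700) echo elf-aarch64 ;;        # EM_AARCH64
                *)    echo elf-unknown ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Map the target triple in the filename to the header we expect to find.
expected_arch() {
    case "$(basename "$1")" in
        *x86_64-apple-darwin*)   echo macho-x86_64 ;;
        *aarch64-apple-darwin*)  echo macho-arm64 ;;
        *x86_64-unknown-linux*)  echo elf-x86_64 ;;
        *aarch64-unknown-linux*) echo elf-aarch64 ;;
        *)                       echo unknown ;;
    esac
}

# Return 0 if header and filename agree, 1 otherwise.
check_release_binary() {
    want=$(expected_arch "$1")
    have=$(detect_arch "$1")
    if [ "$want" = "$have" ]; then
        echo "OK       $1: $have"
        return 0
    fi
    echo "MISMATCH $1: filename says $want, header says $have" >&2
    return 1
}

# Check every path given; return 1 if any binary is mislabelled.
check_all() {
    status=0
    for f in "$@"; do
        check_release_binary "$f" || status=1
    done
    return "$status"
}

# Constructed 20-byte sample headers (not real chainsaw binaries): the
# mislabelled 2.9.1 darwin artefact, a correct darwin one, and a Linux one.
make_samples() {
    dir=$(mktemp -d)
    # arm64 Mach-O header stored under an x86_64 name (the bug in this issue)
    printf '\317\372\355\376\014\000\000\001\000\000\000\000\002\000\000\000\000\000\000\000' \
        > "$dir/chainsaw_x86_64-apple-darwin"
    # genuine x86_64 Mach-O header
    printf '\317\372\355\376\007\000\000\001\000\000\000\000\002\000\000\000\000\000\000\000' \
        > "$dir/chainsaw_x86_64-apple-darwin.ok"
    # x86_64 ELF header: magic, class=2 (64-bit), data=1 (LE), e_machine=0x3e
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\002\000\076\000' \
        > "$dir/chainsaw_x86_64-unknown-linux-gnu"
    echo "$dir"
}

# Usage: sh check_arch.sh chainsaw_*   (no arguments: nothing is checked)
check_all "$@"
```

Run it over the unpacked release directory before `chmod u+x`; a "MISMATCH" line is exactly the 2.9.1 darwin case reported above. Windows `.exe` files are reported as `unknown` because the PE machine field sits behind the `e_lfanew` offset and is not parsed here.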
rsulliva commented 2 months ago

Note that 2.8.1 is fine: it is x86_64 and it runs fine.

rob

norris3:chainsaw 2 rob$ chmod u+x chainsaw 
norris3:chainsaw 2 rob$ file chainsaw 
chainsaw: Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE|HAS_TLV_DESCRIPTORS>

norris3:chainsaw 2 rob$ ./chainsaw --version
chainsaw 2.8.1
alexkornitzer commented 2 months ago

Thanks for raising, I'll have a look into what the GitHub runners are doing.

alexkornitzer commented 2 months ago

This should be fixed now.